Vulnerabilities > Vmware > Cloud Foundation

DATE CVE VULNERABILITY TITLE RISK
2024-01-16 CVE-2023-34063 Missing Authorization vulnerability in VMWare Aria Automation and Cloud Foundation
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.
network
low complexity
vmware CWE-862
8.3
8.3
2023-09-27 CVE-2023-34043 Improper Privilege Management vulnerability in VMWare Aria Operations and Cloud Foundation
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
local
low complexity
vmware CWE-269
6.7
6.7
2023-05-30 CVE-2023-20884 Open Redirect vulnerability in VMWare products
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.
network
low complexity
vmware CWE-601
6.1
6.1
2023-05-12 CVE-2023-20877 Unspecified vulnerability in VMWare Cloud Foundation and Vrealize Operations
VMware Aria Operations contains a privilege escalation vulnerability.
network
low complexity
vmware
8.8
8.8
2023-05-12 CVE-2023-20878 Deserialization of Untrusted Data vulnerability in VMWare Cloud Foundation and Vrealize Operations
VMware Aria Operations contains a deserialization vulnerability.
network
low complexity
vmware CWE-502
7.2
7.2
2023-05-12 CVE-2023-20879 Unspecified vulnerability in VMWare Cloud Foundation and Vrealize Operations
VMware Aria Operations contains a Local privilege escalation vulnerability.
local
low complexity
vmware
6.7
6.7
2023-05-12 CVE-2023-20880 Unspecified vulnerability in VMWare Aria Operations and Cloud Foundation
VMware Aria Operations contains a privilege escalation vulnerability.
local
low complexity
vmware
6.7
6.7
2023-04-20 CVE-2023-20864 Deserialization of Untrusted Data vulnerability in VMWare Aria Operations for Logs and Cloud Foundation
VMware Aria Operations for Logs contains a deserialization vulnerability.
network
low complexity
vmware CWE-502
critical
 9.8
9.8
2023-04-20 CVE-2023-20865 Command Injection vulnerability in VMWare Aria Operations for Logs and Cloud Foundation
VMware Aria Operations for Logs contains a command injection vulnerability.
network
low complexity
vmware CWE-77
7.2
7.2
2022-12-14 CVE-2022-31700 Unspecified vulnerability in VMWare Access, Cloud Foundation and Identity Manager
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability.
network
low complexity
vmware
7.2
7.2